chkrootkit reporting sshd vulnerable?

From: Doctor Zen (hidden@from.spammers.net)
Date: 12/28/01 

From: Doctor Zen <hidden@from.spammers.net>
Date: Fri, 28 Dec 2001 16:16:20 +0000

ssh 3.0.1 (commercial) and chkrootkit v0.33

When I run chkrootkit locally it reports sshd not vulnerable, but when I
ssh into the box and then run chkrootkit on it in the shell I get "sshd
vulnerable but disabled".

I do have ssh1 disabled of course.

I was just a little worried about this, I ran chkrootkit in expert mode (ha
ha, me, an expert?, ha ha) and it gave the strings from sshd but after
sifting through hundreds of pages I didn't spot anything untoward, not that
I'd really know what to look for apart from anything obvious like "warez
dude" or something like that...

Might be a bug in chkrootkit or something to worry about?

TIA

Doc.

Relevant Pages

  • Re: chkrootkit reporting sshd vulnerable?
    ... > DZ> locally it reports sshd not vulnerable, but when I ssh into the ... > DZ> box and then run chkrootkit on it in the shell I get "sshd ... versus logging via SSH and running the same tool? ... <sit in front of machineA> ...
    (comp.security.ssh)
  • Re: chkrootkit reporting sshd vulnerable?
    ... >When I run chkrootkit locally it reports sshd not vulnerable, ... One of those patterns, being a pre-compiled password in a trojan sshd2 version, ...
    (comp.security.ssh)
  • Re: Package to block random SSH login attempts?
    ... A script like chkrootkit which ... search for the signature of a past ssh attack. ... A simple reference in the doc of ssh could alarm lots of people. ... Might not want to use your canonical email address though! ...
    (Debian-User)
  • Re: chkrootkit reporting sshd vulnerable?
    ... >> DZ> locally it reports sshd not vulnerable, but when I ssh into the ... > Chkrootkit only works locally, worth two minutes of your time Mr. ...
    (comp.security.ssh)